I'm getting a problem with errors in the event log: Source: EvntAgnt Event ID: 3007 Desc: Error opening event log file ForwardedEvents. Log will not be processed. Return code from OpenEventLog is 1338. I have an event view log in the listed called "ForwardedEvents" but get an error when I click on it: "Unable to complete the operation on "ForwardedEvents" The security descriptor structure is invalid." I found a question similar to this in another thread however was in posted in the wrong forum so no answers. Running Windows Server 2003 Standard. Not aware of any forward/collector events running on this server or any other in the domain, however it looks like this is a custom event forward created. Found the article on event viewer wecutil (http://msdn.microsoft.com/en-us/library/bb870973(v=vs.85).aspx) however unsure how to debug. Found the location of the eventvwr log in reg: HKLM, System, CurrentControlSet, Services, Eventlog, Forwarded Events - but no reference to any forwards or permissions etc. Permissions on the .evt file are the same as others which are viewable.

Hi, This issue can occur when the security descriptor for the security events logs is incorrect or corrupt. You may perform the following troubleshooting suggestions: 1. Take a backup of HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Security 2. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Security, modify the contents of CustomSD key by copying the contents from a working server. Regards,Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.